Java versions in SonarQube

The SonarQube Java analyzer can analyze any kind of Java source file, regardless of the version of Java the source complies with and independently of the Java version you run the analysis with.

Understanding which Java version is used where in a SonarQube setup helps avoid analysis errors.

Analysis Error example

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.8.0.2131:sonar (default-cli) on project MyTestProject: Execution default-cli of goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.8.0.2131:sonar failed: An API incompatibility was encountered while executing org.sonarsource.scanner.maven:sonar-maven-plugin:3.8.0.2131:sonar: java.lang.UnsupportedClassVersionError: org/sonar/batch/bootstrapper/EnvironmentInformation has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0.

Root cause

The Maven project is built with Java 8, but SonarScanner is running with Java 11. Therefore, an API incompatibility error is raised.
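The version numbers in the error above can be decoded mechanically: a class-file major version is the Java release plus 44, so 55.0 is Java 11 and 52.0 is Java 8. The following is an added example, not SonarSource code; the function names and the 8-byte header sample are constructed for illustration, and the error text is the one shown on this page.

```python
import re
import struct

# Error text from this page's example (shortened to the relevant part).
SAMPLE_ERROR = (
    "java.lang.UnsupportedClassVersionError: "
    "org/sonar/batch/bootstrapper/EnvironmentInformation has been compiled by a "
    "more recent version of the Java Runtime (class file version 55.0), this "
    "version of the Java Runtime only recognizes class file versions up to 52.0."
)
# Constructed sample: first 8 bytes of a class file (magic, minor=0, major=55).
SAMPLE_HEADER = bytes.fromhex("cafebabe00000037")

ERROR_RE = re.compile(
    r"UnsupportedClassVersionError: (?P<cls>\S+) has been compiled by a more "
    r"recent version of the Java Runtime \(class file version (?P<built>\d+)\.\d+\), "
    r"this version of the Java Runtime only recognizes class file versions "
    r"up to (?P<limit>\d+)\.\d+"
)

def java_release(major: int) -> int:
    """Map a class-file major version to a Java release (52 -> 8, 55 -> 11, 61 -> 17)."""
    if major < 49:
        raise ValueError(f"major version {major} predates Java 5")
    return major - 44

def class_file_major(header: bytes) -> int:
    """Return the major version stored in the first 8 bytes of a .class file."""
    if len(header) < 8:
        raise ValueError("need at least 8 bytes of the class file")
    magic, _minor, major = struct.unpack(">IHH", header[:8])
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    return major

def diagnose(log_text: str):
    """Extract the failing class and both Java releases from the error, or None."""
    m = ERROR_RE.search(log_text)
    if m is None:
        return None
    return {"class": m["cls"],
            "compiled_for_java": java_release(int(m["built"])),
            "jvm_supports_up_to_java": java_release(int(m["limit"]))}

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR))
    print(java_release(class_file_major(SAMPLE_HEADER)))
```

To check a real class, pass the first 8 bytes of the `.class` file (for example, one extracted from a jar) to `class_file_major`.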

Different Java versions are used in different places in SonarQube. The following instructions apply only to Java projects analyzed in SonarQube.

  1. Java used to build Java projects before analysis - Java projects must be built before running SonarQube analysis. They can be compiled with, or targeted to, whatever version is convenient / correct for your project.
  2. Java used to run SonarQube server - must be Java 11.
  3. Java used to run SonarScanner - Java 8 in SonarQube 8.9, Java 11 in SonarQube 9.0 and higher. Please refer to Scanner Environment.
  4. Java rules for SonarQube analysis - we have rules for Java 8, 11, and 17. The sonar.java.source property tells SonarQube which ruleset should be applied to the project.

The Java analyzer automatically refers to the JDK classes that SonarScanner is using. If you do not build your projects with the same JDK version that SonarScanner runs on, you need to specify which JDK classes the analyzer must refer to during the analysis via the property sonar.java.jdkHome to resolve the incompatibility issue. For example, since SonarQube 9.0, you must use Java 11 to run SonarScanner, but it is still possible to analyze your Java 8 projects by adding:

sonar.java.jdkHome=path_to_jdk8

For Maven/Gradle projects, if you configure Toolchains correctly (Toolchains Maven, Toolchains Gradle), you don't need to do anything. Maven/Gradle will automatically handle the different JDK versions used for the build and for the analysis. The same applies to sonar.java.source: Maven/Gradle will detect it automatically as well.

Since SonarQube 9.2, we support analyzing Java 17 projects. Since SonarQube 9.3, we support more specific features of Java 17.

Solution

Execute the SonarQube analysis with the property sonar.java.jdkHome pointing to the JDK 8 path, for example:

mvn sonar:sonar \
  -Dsonar.login=xxxxxxxxxxxxx \
  -Dsonar.host.url=http://localhost:9001/sonarqube \
  -Dsonar.java.jdkHome=/Library/Java/JavaVirtualMachines/jdk1.8.0_301.jdk/Contents/Home